<?php /* PUBLIC $Id: chpwd.php,v 1.8.8.1 2006/03/04 13:32:33 gregorerhardt Exp $ */
if (! ($user_id = dPgetParam($_REQUEST, 'user_id', 0)) )
	$user_id = @$AppUI->user_id;

// check for a non-zero user id
if ($user_id) {
	$old_pwd = db_escape( trim( dPgetParam( $_POST, 'old_pwd', null ) ) );
	$new_pwd1 = db_escape( trim( dPgetParam( $_POST, 'new_pwd1', null ) ) );
	$new_pwd2 = db_escape( trim( dPgetParam( $_POST, 'new_pwd2', null ) ) );

	// has the change form been posted
	if ($new_pwd1 && $new_pwd2 && $new_pwd1 == $new_pwd2 ) {
		// check that the old password matches
		$old_md5 = md5($old_pwd);
		$sql = "SELECT user_id FROM users WHERE user_password = '$old_md5' AND user_id=$user_id";
		if ($AppUI->user_type == 1 || db_loadResult( $sql ) == $user_id) {
			require_once( "{$dPconfig['root_dir']}/modules/admin/admin.class.php" );
			$user = new CUser();
			$user->user_id = $user_id;
			$user->user_password = $new_pwd1;

			if (($msg = $user->store())) {
				$AppUI->setMsg( $msg, UI_MSG_ERROR );
			} else {
				$AppUI->setMsg( $AppUI->_('chgpwUpdated'), UI_MSG_OK );
			}
		} else {
			$AppUI->setMsg( $AppUI->_('chgpwWrongPW'), UI_MSG_ERROR);
		}
		$AppUI->redirect();
	} else {
?>
<form name="frmEdit" action="index.php?m=public&a=chpwd&suppressHeaders=1" method="post" onsubmit="return false">
<input type="hidden" name="user_id" value="<?php echo $user_id; ?>">
<table cellspacing="0" cellpadding="4" border="0">
<tr>
	<th colspan="4" bgcolor="#E0E0E0"><?=$AppUI->_('Change User Password')?></th>
</tr>
<?php if ($AppUI->user_type != 1) { ?>
<tr>
	<td>&nbsp;</td>
	<td align="right" nowrap="nowrap"><?php echo $AppUI->_('Current Password');?></td>
	<td><input type="password" name="old_pwd" class="text"></td>
	<td>&nbsp;</td>
</tr>
<?php } ?>
<tr>
	<td rowspan="3">&nbsp;</td>
	<td align="right" nowrap="nowrap"><?php echo $AppUI->_('New Password');?></td>
	<td><input type="password" name="new_pwd1" class="text"></td>
	<td rowspan="3">&nbsp;</td>
</tr>
<tr>
	<td align="right" nowrap="nowrap"><?php echo $AppUI->_('Retype Password');?></td>
	<td><input type="password" name="new_pwd2" class="text"></td>
</tr>
<tr>
	<td>&nbsp;</td>
	<td align="right" nowrap="nowrap">
		<input type="button" value="<?=$AppUI->_('Apply')?>" onclick="doChangePassword()" class="button">
		<input type="button" value="<?=$AppUI->_('Cancel')?>" onclick="Dialog('idChangePassword').hide()" class="button">
	</td>
</tr>
<tr>
	<td colspan="4"><img src="images/blank.gif" width="1" height="1"/></td>
</tr>
</table>
<form>
<?php
	}
} else {
	echo $AppUI->_('chgpwLogin');
}
?>
